Recent security research has shown that AI agents can be manipulated through seemingly harmless information, leading them to carry out actions they were never intended to perform.
Last week, security researchers showed just how easily an AI assistant can be manipulated. Using a self-hosted AI agent called OpenClaw, they demonstrated how an attacker could hide instructions inside seemingly harmless data, such as contact cards, meeting invites, and vCards. The AI agent read those hidden instructions and followed them without question.
No phishing email. No malware. No user clicking the wrong link.
The problem is that AI agents don't understand the difference between information and instructions in the same way we do. While we see a contact card as a name, phone number, and address, an AI agent sees a stream of text. If an attacker hides a command within that text, the agent may treat it as something it should act on.
This isn't just an OpenClaw problem. Any AI tool with access to your emails, files, calendars, CRM, or business systems could potentially be exposed to similar risks.
Most cybersecurity controls were designed around people making decisions. We train staff to spot suspicious emails, avoid dangerous links, and question unusual requests. AI agents don't have that instinct. They process information exactly as they're told, which means traditional security measures don't always protect against these new types of attacks.
That's not to say frameworks like Cyber Essentials aren't valuable. They remain an excellent foundation for protecting against common threats. However, they weren't designed with autonomous AI assistants in mind, and many businesses are already giving these tools access to sensitive systems and data.
The easiest way to think about an AI assistant is as a highly trusted employee. If a new member of staff joined tomorrow, you wouldn't immediately give them unrestricted access to your email, finance systems, client data, and company files. Yet that's exactly the level of access many organisations are granting AI tools.
From a compliance perspective, the responsibility still sits with your business. If an AI tool is processing personal data, the expectations around security, governance, and accountability don't disappear. Guidance from the UK's National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) is clear: understand what your AI tools can access, restrict permissions where possible, and maintain oversight of their activity.
The good news is that you don't need to stop using AI. You simply need to govern it properly.
Start by identifying which AI tools are being used across the business and what systems they can access. Review permissions and remove anything that's unnecessary. For higher-risk activities, such as sending emails, sharing files, deleting data, or approving payments, make sure a person remains involved in the final decision. Just as importantly, keep records of what your AI tools are doing and establish a simple policy that defines approved tools, approved uses, and who is responsible for managing them.
AI can deliver huge productivity gains, but it also introduces new risks that many organisations haven't yet considered. The businesses that struggle over the next few years won't be the ones adopting AI. They'll be the ones adopting it without understanding the security implications.
If you're not sure what your AI tools can access, now is the time to find out.
At Morgan & Morgan, we help organisations assess how AI is being used across the business, identify potential security and compliance risks, and put practical controls in place before they become a problem. Gte in toucvh if you want to know more
.svg)